intel / ehsm

An End-to-End Distributed and Scalable Cloud KMS (Key Management System) built on top of Intel SGX enclave-based HSM (Hardware Security Module), aka eHSM.
https://community.intel.com/t5/Blogs/Tech-Innovation/open-intel/An-Intel-SGX-based-Hardware-Security-Module-backed-Key/post/1360130?wapkw=eHSM
BSD 3-Clause "New" or "Revised" License

Support SM9 (cryptography standard) #263

Open nntp4 opened 1 year ago

nntp4 commented 1 year ago

Background

SM9 is a Chinese national cryptography standard for Identity Based Cryptography issued by the Chinese State Cryptographic Authority in March 2016 (from Wikipedia). It is also standardized in ISO 18033-5.

Use cases

  1. Communication between distributed IoT devices, such as V2X (i.e., vehicle to vehicle)
  2. Communication between IoT devices and cloud services, such as EV charging points and cloud services
  3. ...

yang8621 commented 1 year ago

Does openssl support SM9?

nntp4 commented 1 year ago

Does openssl support SM9?

It doesn't. But SM9 is implemented in GmSSL: https://github.com/guanzhi/GmSSL. Should we use GmSSL in eHSM? @yang8621

yang8621 commented 1 year ago

eHSM depends on a customized OpenSSL: https://github.com/intel/intel-sgx-ssl/tree/support_tls. It's forked from OpenSSL but provides two functions:

  1. SGX customization, aka syscall handling.
  2. SGX-based attested TLS.

eHSM is not a libOS-based solution, so GmSSL cannot be used directly. SM9 has value in various use cases, as you mentioned. I will also do some homework on it. But currently, there are gaps in supporting it.

nntp4 commented 1 year ago

Thanks for your reply. If I want to do this work, could you give me some advice? I'm a newbie to Intel SGX.

yang8621 commented 1 year ago

With pleasure. The first thing is to build GmSSL into an SGX enclave. You can refer to https://github.com/intel/linux-sgx/blob/master/SampleCode/SampleEnclave/Makefile, focusing especially on the Enclave settings. Standard std files cannot be used; instead, only SGX-supported headers can be used. SGX removes all syscall support inside the enclave, so you may encounter many compile errors around things like getting the time, IO, or even printf(). You can either disable the unused functions or rewrite the function with the SGX SDK: send an SGX ocall to the ROS.
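
The porting advice in the last comment, as an added example (not code from eHSM, GmSSL or the SGX SDK): enclave-side replacements for printf() and time() that forward to the host through ocalls. All `ocall_*`, `enclave_*` and `host_*` names are hypothetical; in a real enclave the ocalls would be declared in the EDL file and generated by sgx_edger8r, and here they are plain C stand-ins so the file builds without the SDK.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SHIM_BUFSIZ 256

/* --- untrusted side: stand-ins for the host's ocall implementations --- */
static char host_last_line[SHIM_BUFSIZ];  /* what the host "printed" */
static time_t host_clock = 1700000000;    /* constructed sample value */

static void ocall_print_string(const char *s) {
    snprintf(host_last_line, sizeof host_last_line, "%s", s);
    fputs(s, stdout);
}
static void ocall_get_time(time_t *out) { *out = host_clock; }

/* --- trusted side: what would be linked into the enclave --- */
/* Replacement for printf(): format inside the enclave and pass a single
 * bounded, NUL-terminated string across the boundary. */
int enclave_printf(const char *fmt, ...) {
    char buf[SHIM_BUFSIZ];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof buf, fmt, ap);  /* always NUL-terminates */
    va_end(ap);
    if (n < 0) return n;
    ocall_print_string(buf);
    /* Report the bytes actually sent, which is less than n on truncation. */
    return n < (int)sizeof buf ? n : (int)sizeof buf - 1;
}

/* Replacement for time(): the value is supplied by the host, so it is
 * untrusted input. This shim only refuses to let the clock go backwards. */
static time_t last_seen;
time_t enclave_time(time_t *t) {
    time_t now = 0;
    ocall_get_time(&now);
    if (now < last_seen) now = last_seen;
    last_seen = now;
    if (t) *t = now;
    return now;
}

int main(void) {
    enclave_printf("enclave time: %ld\n", (long)enclave_time(NULL));
    return 0;
}
```

A value returned through an ocall is controlled by the host, so code that uses `enclave_time()` for a security decision such as a validity check needs a source the host cannot set.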